Method and system for data encryption and decryption

ABSTRACT

An aspect of the of the invention may include the transfer of a block of data from a first memory location to a second memory location in a DRAM. During the transfer of the block of data from the first memory location, if an encryption mode is selected, the data may be buffered, encrypted, and then stored in the second memory location. If a decryption mode is selected, the transferred data may be buffered, decrypted and then stored in the second memory location. If a bypass mode is selected, the data may be buffered and then stored in the second memory location. In this regard, the encryption/decryption operations may be bypassed.

CROSS-REFERENCE TO RELATED APPLICATIONS/INCORPORATION BY REFERENCE

[0001] This application makes reference to, claims priority to andclaims the benefit of United States Provisional patent application Ser.No. ______ (Attorney Docket No. 14884US01) entitled “System and Methodfor Data Encryption and Decryption” filed on Mar. 14, 2003.

[0002] This application also makes reference to:

[0003] U.S. patent application Ser. No. ______ (Attorney Docket No.14888US02) entitled “Method And System For Controlling AnEncryption/Decryption Engine Using Descriptors” filed on Apr. 16, 2003;

[0004] U.S. patent application Ser. No. ______ (Attorney Docket No.14889US02) entitled “Method And System For Data Encryption/DecryptionKey Generation And Distribution” filed on Apr. 16, 2003;

[0005] U.S. patent application Ser. No. ______ (Attorney Docket No.14890US02) entitled “Method And System For Secure Access And ProcessingOf An Encryption/Decryption Key” filed on Apr. 16, 2003; and

[0006] U.S. patent application Ser. No. ______ (Attorney Docket No.US02) entitled “Method And System For Data Encryption And Decryption”filed on Apr. 16, 2003.

[0007] The above stated applications are incorporated herein byreference in their entirety.

FIELD OF THE INVENTION

[0008] Certain embodiments of the invention relate to data security.More specifically, certain embodiments of the invention relate to amethod and system for memory to memory data encryption and decryption.

BACKGROUND OF THE INVENTION

[0009] In some conventional encryption applications, it is necessary tosend data to a hard disk to be encrypted and retrieve data from the harddisk for decryption. One such application is personal video recording(PVR). In such systems, the encryption/decryption functions areimplemented by separate devices between the ATA host adapter and the ATAbus connector. ATA stands for AT Attachment, a standardized interfaceused by storage devices such as hard disk drives, CD drives and DVDdrives. ATA compatible drives may also be referred to as integrateddrive electronics (IDE) drives. One drawback with conventional separatedevice implementations is that unencrypted or “clear” data is availableat the interface between the ATA host adapter and the externalencryption/decryption chip, and can be intercepted and stored inunencrypted form. Additionally, the encryption used in conventionalsystems is not particularly “strong” and could be broken relativelyeasily.

[0010] Further limitations and disadvantages of conventional andtraditional approaches will become apparent to one of skill in the art,through comparison of such systems with some aspects of the presentinvention as set forth in the remainder of the present application withreference to the drawings.

BRIEF SUMMARY OF THE INVENTION

[0011] Certain embodiments of the invention provide a method and systemfor data encryption and decryption. An aspect of the method for dataencryption and decryption may include the transfer of a block of datafrom a first memory location to a second memory location in a randomaccess memory such as a DRAM. During the transfer of the block of datafrom the first memory location, if an encryption mode is selected, thedata may be buffered, encrypted, and then stored in the second memorylocation. In another aspect of the invention, if during the transfer ofthe block of data from the first memory location, a decryption mode isselected, the data may be buffered, decrypted and then stored in thesecond memory location. In another aspect of the invention, if duringthe transfer of the block of data from the first memory location, abypass mode is selected, the data may be buffered and then stored in thesecond memory location. In this regard, the encryption and decryptionoperations are bypassed.

[0012] A method for encrypting and decrypting data on a chip may includereceiving data from a memory device coupled to a first memory interfaceand determining whether an encryption, decryption or bypass operationshould be performed on the received data. An encryption or decryptionoperation may be executed on the received data within the chip. Anyresulting encrypted or decrypted data from the encryption or decryptionoperation, or from the bypass operation may be transferred back to thememory device.

[0013] At least one encryption key may be identified for use duringencryption of the received data. Similarly, at least one decryption keymay be identified for use during decryption of the received data. Anencryption/decryption processor may be instructed to perform anencryption operation using one or more encryption keys if an encryptionoperation is selected to be performed. An encryption/decryptionprocessor may be instructed to perform a decryption operation using oneor more encryption keys if a decryption operation is selected to beperformed. In a case where a bypass operation is to be performed, thenthe encryption/decryption processor may be adapted to bypass theencryption and decryption operation. The data received from the memorydevice may be buffered in at least one buffer integrated within the chipprior to the execution of the encryption and decryption operations.Similarly, the resulting data from the encryption and decryptionoperations, and from the bypass operation may be buffered prior to beingtransferred back to the memory device. Data received from the memorydevice may be received from a first location of the memory device andtransferring back to a second memory location of the memory device. Thememory device may be external to the chip.

[0014] Another embodiment of the invention provides, a machine-readablestorage, having stored thereon a computer program having at least onecode section for providing memory to memory data encryption anddecryption, the at least one code section executable by a machine forcausing the machine to perform the steps as described above.

[0015] Another aspect of the invention provides a system for encryptingand decrypting data on a chip. The system may include at least onebuffer adapted to receive data from a memory device coupled to a firstmemory interface. At least one key and encryption/decryption selectorand controller may be adapted to determine which one of an encryption,decryption and bypass operations is to be performed on the receiveddata. The at least one encryption/decryption processor may be adapted toexecute either one of the encryption and decryption operations on thereceived data within the chip. Any resulting data from the encryptionand decryption operations, and data from the bypass operation may betransferred back to the memory device.

[0016] The key and encryption/decryption selector and controller may befurther adapted to identify one or more encryption keys to be utilizedduring execution of the encryption operation. Similarly, the key andencryption/decryption selector and controller may be further adapted toidentify one or more decryption keys to be utilized during execution ofthe decryption operation. The key and encryption/decryption selector andcontroller may be also further adapted to instruct anencryption/decryption processor to perform execution of the encryptionoperation using one or more of the encryption keys if said determinedoperation is an encryption operation. Additionally, if a decryptionoperation is to be performed, the key and encryption/decryption selectorand controller may be further adapted instruct the encryption/decryptionprocessor to execute the decryption operation using one or more of thedecryption keys. At least one selector may be adapted to select a bypassof the encryption and decryption operations of the encryption/decryptionprocessor, whenever it is determined that a bypass operation should beperformed. The at least one buffer, which may be located within thechip, may be adapted to buffer the received data prior to execution ofthe encryption and decryption operations. The buffer may be adapted tobuffer the resulting data from the encryption and decryption operations,and to buffer the data from the bypass operation prior to beingtransferred back to the memory device.

[0017] In accordance with an aspect of the invention, the system mayinclude a memory interface adapted to receive data from a first locationof the memory device and to transfer the resulting encrypted anddecrypted data, and the bypass data to a second memory location of thememory device. The memory interface may be integrated within the chipand the memory device located externally to the chip. A CPU interfacemay be adapted to provide control of the chip via an external processor.

[0018] These and other advantages, aspects and novel features of thepresent invention, as well as details of a illustrated embodimentthereof, will be more fully understood from the following descriptionand drawings.

BRIEF DESCRIPTION OF SEVERAL VIEWS OF THE DRAWINGS

[0019]FIG. 1 is a block diagram of an exemplary system for memory tomemory encryption/decryption in accordance with an embodiment of theinvention.

[0020]FIG. 2 is a block diagram illustrating the encryption/decryptionof data using exemplary memory to memory system of FIG. 1 in accordancewith an embodiment of the invention.

[0021]FIG. 3 is a flow chart illustrating exemplary steps for encryptingand decrypting data in accordance with an embodiment of the invention.

DETAILED DESCRIPTION OF THE INVENTION

[0022] Certain embodiments of the invention provide a method and systemfor data encryption and decryption. An aspect of the method for dataencryption and decryption may include the transfer of a block of datafrom a first memory location to a second memory location in a randomaccess memory such as a DRAM. During the transfer of the block of datafrom the first memory location, if an encryption mode is selected, thedata may be buffered, encrypted, and then stored in the second memorylocation. In another aspect of the invention, if during the transfer ofthe block of data from the first memory location, a decryption mode isselected, the data may be buffered, decrypted and then stored in thesecond memory location. In another aspect of the invention, if duringthe transfer of the block of data from the first memory location, abypass mode is selected, the data may be buffered and then stored in thesecond memory location. In this regard, the encryption and decryptionoperations may be bypassed.

[0023]FIG. 1 is a block diagram of an exemplary system for memory tomemory (MEM-MEM) encryption/decryption in accordance with an embodimentof the invention. Referring to FIG. 1, there is shown a chip 102 havingintegrated therein, an memory DMA block (MEM-DMA) block 118 and a memoryinterface block 106. The memory DMA block 118 may include FIFO block110, 3DES block 112, CPU interface 116 and key and encryption/decryptionselect and control block 122. The encryption/decryption block processor114 may include FIFO block 108 and 3DES block 112.

[0024] The memory interface block 106 may be integrated within chip 102and may be adapted to provide connectivity between the memory DMA block118 and memory block 104. The memory interface block 106 may be, forexample, a memory controller. Accordingly, suitable logic and/or a bus120 may provide connectivity between the memory interface block 106 andthe memory 104. The memory 104 may be a random access memory (RAM) suchas a dynamic RAM (DRAM). In a case where memory 104 is a DRAM, thenmemory interface block 106 may be a DRAM controller. However, theinvention is not limited in this regard, and other types of memories andcorresponding memory controllers may be utilized.

[0025] The key and encryption/decryption select and control block 122may include suitable control logic and/or circuitry that may be adaptedto select a function to be performed by the encryption/decryptionprocessor block 114. In this regard, the encryption/decryption processorblock 114 may be adapted to select or deselect one of an encryptionoperation, a decryption operation and a bypass function. The controllogic and/or circuitry in the key and encryption/decryption select andcontrol block 122 may further be adapted to facilitate selection andcontrol of encryption and decryption keys to be utilized by the 3DESblock 112. In this regard, the encryption/decryption select and controlblock 122 may control which of a plurality of keys may be utilized bythe 3DES block 112. The key and encryption/decryption select and controlblock 122 may further include suitable control logic and/or circuitrythat may be adapted to provide various select signals that may be usedto route data throughout chip 102 when any of the encryption,decryption, or bypass functions or operations may be required.

[0026] The CPU interface block 116 may include suitable logic and/orcircuitry that may be adapted to provide control of the operation ofchip 102 by an external processor. The external processor may be a hostprocessor.

[0027] In operation, data to be encrypted by the encryption/decryptionprocessor block 114 may be transferred to the FIFO block 108 in theencryption/decryption processor block 114, where it may be buffered. Thedata may be transferred from a first memory location in memory block104. Notwithstanding, the memory interface block 106 may be adapted tocontrol the transfer of the unencrypted data from the memory block 104to the FIFO block 108 for decryption.

[0028] The key and encryption/decryption select and control block 122may select an encryption operation to be performed by theencryption/decryption processor control block 114. The key andencryption/decryption select and control block 122 may also be adaptedto select and supply appropriate encryption keys to be utilized by theencryption/decryption processor control block 114 during the encryptionoperation. The 3DES block may utilize the supplied encryption keys toencrypt the data. The encrypted data may be buffered in FIFO 110. Thememory interface block 106 may be adapted to control the transfer of theencrypted buffered data from FIFO 110 to the memory block 104. In thisregard, the encrypted data may be stored in a second memory locationthat differs from the location in memory block 104 where the unencrypteddata was originally stored.

[0029] In operation, encrypted data requiring decryption by theencryption/decryption processor block 114 may be transferred to the FIFOblock 108 in the encryption/decryption processor block 114, where it maybe buffered. The data may be transferred from a first memory location inmemory block 104. Notwithstanding, the memory interface block 106 may beadapted to control the transfer of the encrypted data from the memoryblock 104 to the FIFO block 108 for decryption.

[0030] The key and encryption/decryption select and control block 122may be adapted to select a decryption operation to be performed by theencryption/decryption processor control block 114. The key andencryption/decryption select and control block 122 may also be adaptedto select and supply appropriate decryption keys to be utilized by theencryption/decryption processor control block 114 during the encryptionoperation. The 3DES block 112 may utilize the supplied decryption keysto encrypt the data. The decrypted data may be buffered in FIFO 110. Thememory interface block 106 may be adapted to control the transfer of thedecrypted buffered data from FIFO 110 to the memory block 104. In thisregard, the decrypted data may be stored in a second memory location,which may differ from the location in memory block 104 where theencrypted data was originally stored.

[0031]FIG. 2 is a block diagram illustrating the encryption/decryptionof data using the exemplary memory to memory system of FIG. 1 inaccordance with an embodiment of the invention. Referring to FIG. 2,there are shown FIFO buffers 204, 206, selector 210, key andencryption/decryption select and control block 212, and 3DES block 208.

[0032] The selector 210 may be a multiplexer having a select lineadapted to select between a first input and a second input of theselector 210. By selecting between a first input and a second input ofselector 210, an encryption/decryption or a bypass mode of operation maybe selected. In the encryption/decryption mode of operation, an outputof the 3DES block 208 may be coupled to a second input of the selector210, thereby buffering an encrypted or decrypted output of the 3DESblock 208 in FIFO 206. In the bypass mode of operation, incoming datafrom a bus control block, for example, the memory interface block 106 ofFIG. 1, may be communicated through a first input of selector 210 intoFIFO buffer 206. The bus control block may then control the writing ofdata from the FIFO buffer into, for example, a memory such as memoryblock 104 of FIG. 1.

[0033] FIFOs 204, 206 may be adapted to buffer incoming data andoutgoing data respectively. In this regard, FIFOs 204, 206 may include afirst input clock and a second input clock signals. The buffers 204, 206may be adapted to handle n-bits wide data, where n may be equivalent to128, for example. The 3DES block may also include an input clock signal.The selector 210, FIFO buffers 204, 206 and 3DES block 208 may beadapted to handle n-bit wide data. In one aspect of the invention, n maybe 128 or other suitable value.

[0034] In operation, data received from a bus control block forencryption may be buffered in FIFO buffer 204. During the encryptionoperation, suitable logic may be adapted to deselect or disable a firstinput of selector 210 and select or enable a second input of selector210. In this regard, the key and encryption/decryption select andcontrol block 212 may include suitable logic and/or circuitry that maybe adapted to control the select pin of selector 210. In this regard,the key and encryption/decryption select and control block 212 may beadapted to select appropriate inputs of the selector 210, depending onthe mode of operation. The key and encryption/decryption select andcontrol block 212 may also be adapted to select and supply keys to beutilized by the 3DES block 114 during the encryption operation. Usingthe appropriate encryption keys, the 3DES block may encrypt the data.The encrypted data may subsequently be communicated through selector 210via its second input and buffered in FIFO 206.

[0035] In operation, data received from a bus control block fordecryption may be buffered in FIFO buffer 204. During the decryptionoperation, the key and encryption/decryption control block 212 may beadapted to deselect or disable a first input of selector 210 and selector enable a second input of selector 210. In this regard, the key andencryption/decryption select and control block 212 may control theselect pin of selector 210 to disable the first input of selector 210and enable the second input of selector 210. The key andencryption/decryption select and control block 212 may also be adaptedto select and supply appropriate decryption keys to be utilized by the3DES block 114 during the decryption operation. Using the appropriatedecryption keys, the 3DES block may decrypt the data. The decrypted datamay subsequently be communicated through selector 210 via its secondinput and buffered in FIFO 206.

[0036] In operation, during the bypass mode of operation, the 3DES block208 may be bypassed, and the data is neither encrypted nor decrypted,but remains in its same state. In this regard, the key andencryption/decryption select and control block 212 may control theselect pin of selector 210 to enable the first input of selector 210 anddisable the second input of selector 210. As a result, the data from thebus control register may bypass FIFO 204 and 3DES block 208, passthrough the first input of selector 210 and be buffered in FIFO 206.

[0037]FIG. 3 is a flow chart illustrating exemplary steps for encryptingand decrypting data in accordance with an embodiment of the invention.Referring to FIG. 3, the exemplary steps may start with step 302.Subsequently, in step 304, data may be received from a memory devicecoupled to a first memory interface. In step 306, the received data maybe buffered. In step 308, a determination may be made as whether anencryption operation should be performed on the received data. If anencryption operation should be performed, then in step 310, anencryption operation may be executed on the received data. If anencryption operation should not be performed, then in step 312, adetermination may be made as to whether a decryption operation should beperformed on the received data. If a decryption operation should beperformed, then in step 314, a decryption operation may be executed onthe received data. If a decryption operation should not be performed onthe received data, then in step 316, a bypass operation may beperformed. Subsequent to steps 314 and 316, step 318 may be performed.In step 318, resulting data from the bypass operation, encryptionoperation or decryption operation may be transferred to the memorydevice. The exemplary steps may end at step 320.

[0038] In another aspect of the invention, a 3DES encryption/decryptionsimulation may be provided to illustrate exemplary encryption anddecryption processes. During the simulation, an input data may acquiredfrom an input file. For example, an input file, namelytest1.encrypt.dat, may contain the following information:

[0039] 0 0 01234567 89abcdef fedcba98 76543210

[0040] 23456789 abcdef01

[0041] 456789ab cdef0123

[0042] In this regard, the input file may specify a 3DES encryptionusing a key of, for example, 01234567 89abcdef fedcba98 76543210, on two64-bit words of data. The two 64-bits words may be 23456789abcdef01 andfedcba9876543210.

[0043] Upon executing the 3DES operation using, for example the 3DESblock 208 of FIG. 2 with the test1.encrypt.dat input file, an outputfile may be generated. In this regard, an output file, namelytest1.encrypt.dat.out, may be generated. The contents of the generatedtest1.encrypt.dat.out file may be as follows:

[0044] a47606af 132eeff7

[0045] 792e2b91 7c75dce4

[0046] The encrypted data in test1.encrypt.dat.out may be decryptedusing the following test1.decrypt.dat.in file. The contents of thetest1.decrypt.dat.in file may be as follows.

[0047] 1 0 01234567 89abcdef fedcba98 76543210

[0048] a47606af 132eeff7

[0049] 792e2b91 7c75dce4

[0050] Upon decryption of the test1.decrypt.dat.in file, an output file,namely, test1.decrypt.dat may be generated. The contents oftest1.decrypt.dat file may be as follows.

[0051] 23456789 abcdef01

[0052] 456789ab cdef0123

[0053] In this case, the decryption returns the original data.

[0054] Accordingly, the present invention may be realized in hardware,software, or a combination of hardware and software. The presentinvention may be realized in a centralized fashion in one computersystem, or in a distributed fashion where different elements are spreadacross several interconnected computer systems. Any kind of computersystem or other apparatus adapted for carrying out the methods describedherein is suited. A typical combination of hardware and software may bea general-purpose computer system with a computer program that, whenbeing loaded and executed, controls the computer system such that itcarries out the methods described herein.

[0055] The present invention may also be embedded in a computer programproduct, which comprises all the features enabling the implementation ofthe methods described herein, and which when loaded in a computer systemis able to carry out these methods. Computer program in the presentcontext means any expression, in any language, code or notation, of aset of instructions intended to cause a system having an informationprocessing capability to perform a particular function either directlyor after either or both of the following: a) conversion to anotherlanguage, code or notation; b) reproduction in a different materialform.

[0056] While the present invention has been described with reference tocertain embodiments, it will be understood by those skilled in the artthat various changes may be made and equivalents may be substitutedwithout departing from the scope of the present invention. In addition,many modifications may be made to adapt a particular situation ormaterial to the teachings of the present invention without departingfrom its scope. Therefore, it is intended that the present invention notbe limited to the particular embodiment disclosed, but that the presentinvention will include all embodiments falling within the scope of theappended claims.

What is claimed is:
 1. A method for encrypting and decrypting data, themethod comprising: receiving data from a memory device coupled to afirst memory interface; determining which one of an encryptionoperation, a decryption operation and a bypass operation to be performedwithin a chip on said received data; if said determined encryptionoperation is to be performed, executing said encryption operation onsaid received data within said chip; and transferring resulting datafrom said executed encryption operation back to said memory device; ifsaid determined decryption operation is to be performed, executing saiddecryption operation on said received data within said chip; andtransferring resulting data from said executed decryption operation backto said memory device; if said determined bypass operation is to beperformed, executing said bypass operation on said received data withinsaid chip; and transferring said received data back to said memorydevice.
 2. The method according to claim 1, further comprisingidentifying at least one encryption key to be utilized for saidexecution of said encryption operation.
 3. The method according to claim2, further comprising identifying at least one decryption key to beutilized for said execution of said decryption operation.
 4. The methodaccording to claim 3, further comprising: instructing anencryption/decryption processor to perform said execution of saidencryption operation using said at least one encryption key if saiddetermined operation is an encryption operation; and instructing anencryption/decryption processor to perform said execution of saiddecryption operation using said at least one decryption key if saiddetermined operation is a decryption operation.
 5. The method accordingto claim 4, further comprising bypassing said encryption and decryptionoperations of said encryption/decryption processor if said bypassoperation is to be performed.
 6. The method according to claim 1,further comprising buffering said received data in at least one bufferintegrated within said chip prior to said execution of said encryptionand decryption operations.
 7. The method according to claim 6, furthercomprising buffering said resulting data from said encryption anddecryption operations, and said data from said bypass operation in saidat least one buffer prior to said transfer back to said memory device.8. The method according to claim 1, wherein said receiving furthercomprises receiving said data from a first location of said memorydevice and said transferring further comprises transferring saidresulting data and said bypass data to a second memory location of saidmemory device.
 9. The method according to claim 1, wherein said memorydevice is external to said chip.
 10. A machine-readable storage havingstored thereon, a computer program having at least one code section forencrypting and decrypting data, the at least one code section executableby a machine for causing the machine to perform steps comprising:receiving data from a memory device coupled to a first memory interface;determining which one of an encryption operation, a decryption operationand a bypass operation to be performed within a chip on said receiveddata; if said determined encryption operation is to be performed,executing said encryption operation on said received data within saidchip; and transferring resulting data from said executed encryptionoperation back to said memory device; if said determined decryptionoperation is to be performed, executing said decryption operation onsaid received data within said chip; and transferring resulting datafrom said executed decryption operation back to said memory device; ifsaid determined bypass operation is to be performed, executing saidbypass operation on said received data within said chip; andtransferring said received data back to said memory device.
 11. Themachine-readable storage according to claim 10, further comprising codefor identifying at least one encryption key to be utilized for saidexecution of said encryption operation.
 12. The machine-readable storageaccording to claim 11, further comprising code for identifying at leastone decryption key to be utilized for said execution of said decryptionoperation.
 13. The machine-readable storage according to claim 12,further comprising code for instructing an encryption/decryptionprocessor to perform said execution of said encryption operation usingsaid at least one encryption key if said determined operation is anencryption operation and for instructing an encryption/decryptionprocessor to perform said execution of said decryption operation usingsaid at least one decryption key if said determined operation is adecryption operation.
 14. The machine-readable storage according toclaim 13, further comprising code for bypassing said encryption anddecryption operations of said encryption/decryption processor if saidbypass operation is to be performed.
 15. The machine-readable storageaccording to claim 10, further comprising code for buffering saidreceived data in at least one buffer integrated within said chip priorto said execution of said encryption and decryption operations.
 16. Themachine-readable storage according to claim 15, further comprising codefor buffering said resulting data from said encryption and decryptionoperations, and said data from said bypass operation in said at leastone buffer prior to said transfer back to said memory device.
 17. Themachine-readable storage according to claim 10, wherein said receivingcode further comprises code for receiving said data from a firstlocation of said memory device and said transferring further comprisestransferring said resulting data and said bypass data to a second memorylocation of said memory device.
 18. The machine-readable storageaccording to claim 10, wherein said memory device is external to saidchip.
 19. A system for encrypting and decrypting data, the systemcomprising: at least one buffer adapted to receive data from a memorydevice coupled to a first memory interface; at least one key andencryption/decryption selector and controller adapted to determine oneof an encryption, decryption and bypass operations to be performed onsaid received data; at least one encryption/decryption processor adaptedto execute one of said encryption and decryption operations on saidreceived data within a chip; and said at least one encryption/decryptionprocessor adapted to facilitate transfer of one of a resulting data fromsaid encryption and decryption operations, and data from said bypassoperation back to said memory device.
 20. The system according to claim19, wherein said key and encryption/decryption selector and controlleris further adapted to identify at least one encryption key to beutilized for said execution of said encryption operation.
 21. The systemaccording to claim 20, wherein said key and encryption/decryptionselector and controller is further adapted to identify at least onedecryption key to be utilized for said execution of said decryptionoperation.
 22. The system according to claim 21, wherein said key andencryption/decryption selector and controller is further adapted toinstruct an encryption/decryption processor to perform said execution ofsaid encryption operation using said at least one encryption key if saiddetermined operation is an encryption operation and to instruct saidencryption/decryption processor to perform said execution of saiddecryption operation using said at least one decryption key if saiddetermined operation is a decryption operation.
 23. The system accordingto claim 22, further comprising at least one selector adapted to selecta bypass of said encryption and decryption operations of saidencryption/decryption processor if said bypass operation is to beperformed.
 24. The system according to claim 19, wherein said at leastone buffer is adapted to buffer said received data in said at least onebuffer integrated within said chip prior to said execution of saidencryption and decryption operations.
 25. The system according to claim24, wherein said at least one buffer is adapted to buffer said resultingdata from said encryption and decryption operations, and to buffer saiddata from said bypass operation in said at least one buffer prior tosaid transfer back to said memory device.
 26. The system according toclaim 19, further comprising a memory interface adapted to receive saidreceived data from a first location of said memory device and transfersaid resulting data and said bypass data to a second memory location ofsaid memory device.
 27. The system according to claim 26, wherein saidmemory interface is integrated within said chip.
 28. The systemaccording to claim 19, wherein said memory device is external to saidchip.
 29. The system according to claim 19, further comprising a CPUinterface adapted to provide control of said chip via an externalprocessor through the CPU interface.